On 12 Aug 2017, at 11:44, Richard Barnes wrote:
On Sat, Aug 12, 2017 at 2:36 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
On 12 Aug 2017, at 10:14, Ted Lemon wrote:
On 12 Aug 2017, at 13:09, John Levine <jo...@taugh.com> wrote:
Right. That's why it's long past time that we make it clear that
non-broken resolvers at any level will treat localhost as a special
case. As you may have heard, we are not the Network Police, but we do
publish the occasional document telling people what to do if they want
to interoperate with the rest of the Internet.
With respect, John, the issue I raised here isn't interop. It's security.
It's security through interop. It's causing systems that want to hope that
"localhost" has a particular meaning that has security implications to have
a better chance that their hope is fulfilled.
And giving systems that want to ensure that they never mistake "localhost"
for something other than loopback to have a better chance that they won't
break things.
Sorry, yes: that too. It applies to hopefulness on both sides.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop